308 | New Jersey Privacy Act
(5) opt out of the processing of personal data for the purposes of
(a)  targeted advertising; (b) the sale of personal data; or (c) profiling in furtherance of decisions that produce legal or
similarly significant effects concerning the consumer.
b.  A controller that has lawfully obtained personal data about a consumer from a source other than the consumer shall
be deemed in compliance with a consumer’s request to delete such data pursuant to this subsection by:
(1)  retaining a record of the deletion request and the minimum data necessary for the purpose of ensuring the
consumer’s personal data remains deleted from the controller’s records and not using such retained information
for any other purpose pursuant to the provisions of P.L., c. (C.) (pending before the Legislature as this bill); or
(2) deleting such personal data.5
58. a.  A consumer may designate another person to serve as the consumer’s authorized agent and act on the consumer’s
behalf to opt out of the processing and sale of the consumer’s personal data. A consumer may designate an authorized
agent using technology, including a link to an Internet website, an Internet browser setting or extension, or a global
setting on an electronic device, that allows the consumer to indicate the consumer’s intent to opt-out of the collection
and processing for the purpose of any sale of data or for the purpose of targeted advertising or 6, when such technology
exists,6 for profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer. A
controller shall comply with an opt- out request received from an authorized agent under this subsection if the controller
is able to verify, with commercially reasonable effort, the identity of the consumer and the authorized agent’s authority
to act on the consumer’s behalf.
b.  (1)  Beginning not later than 6[four] six6 months following the effective date of P.L., c. (C.) (pending before the Legislature
as this bill), a controller that processes personal data for purposes of targeted advertising, 6or6 the sale of personal data
6[, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer]6
shall allow consumers to exercise the right to opt-out of such processing through a user-selected universal opt-out
mechanism.
(2) The platform, technology, or mechanism shall:
(a) not permit its manufacturer to unfairly disadvantage another controller;
(b)  not make use of a default setting that opts-in a consumer to the processing or sale of personal data, unless the
controller has determined that the consumer has selected such default setting and the selection clearly represents
the consumer’s 6[an]6 affirmative, freely given, and unambiguous choice to 6[opt-out of] opt into6 any processing of
such consumer’s personal data pursuant to P.L., c.(C.) (pending before the Legislature as this bill);
(c) be consumer-friendly, clearly described, and easy to use by the average consumer;
(d)  be as consistent as possible with any other similar platform, technology, or mechanism required by any federal or
state law or regulation; and
(e)  enable the controller to accurately determine whether the consumer is a resident of this State and whether the
consumer has made a legitimate request to opt out of the processing of personal data for the purposes of any sale
of such consumer’s personal data or targeted advertising 6[; and
(3)  Controllers shall inform consumers about the opt-out choices available under P.L., c. (C.) (pending before the Legislature
as this bill)]6
.
c.  The Division of Consumer Affairs in the Department of Law and Public Safety may adopt rules and regulations that
detail the technical specifications for one or more universal opt-out mechanisms that clearly communicate a consumer’s
affirmative, freely given, and unambiguous choice to opt out of the processing of personal data pursuant to P.L., c. (C.)
(pending before the Legislature as this bill), including regulations that permit the controller to accurately authenticate
the consumer as a resident of this state and determine that the mechanism represents a legitimate request to opt out
of the processing of personal data pursuant to P.L., c.(C.) (pending before the Legislature as this bill). The division may
update the rules that detail the technical specifications for the mechanisms from time to time to reflect the means by
which consumers interact with controllers.5